Hello all,
I am revising some Dansguardian scripts to work with the new beta IP-Cop
and the newest beta of Dansguardian and as a Linux novice was wondering why
the /etc/rc.d/init.d/ folder is missing from the install? Is this because
it is not required with the newer kernel? Is it just because none of the
services installed by default need it to start up?
Is there any harm in creating the folder in order to automatically start
the Dansguardian service?
Fernand

ok campers,
I've put together a twiki page for listing people and companies
willing to provide support for IPCop. I'm announcing it to the
developers list first so that we get a first shot at putting entries
in place and so I can get feedback as to what should be added or
deleted from the listings.
Take a look at http://ipcop.sourceforge.net/cgi-bin/twiki/view/IPCop/IPCopSupport and let me know what you think.
---eric

This sprang up on our Linux list...
---------- Forwarded Message ----------
Subject: Re: [LeapList]Re: next version of ipcop -- bridging L2 Ethernet
v. routing/filtering L3 IP
Date: 26 May 2002 02:54:29 -0400
From: "Bryan J. Smith" <b.j.smith@...>
To: leaplist@...
On Sun, 2002-05-26 at 02:13, Bryan J. Smith wrote:
> Actually it's quite simple. When you create a new zone, you use a
> new subnet. Just remember that and everything will be easy.
> Anything that is physically separated should be on a new subnet --
> don't bridge to the same subnet.
> Bridging Ethernet (layer 2) is NOT Routing IP (layer 3). To route
> between IP networks, they need to be on different IP subnets -- not
> bridged so they are the same IP subnet. I know this is a bit
> confusing, but if you spend a little time learning the OSI model and
> the technology used (especially at layers 2-4), it makes a heck of a
> lot more sense.
Here's the short version ...
- Internet Protocol (IP) and Filtering at OSI layers 3 and higher ...
IPCop is an IP packet filter (as are most firewalls) between different
IP [sub]net[works]. Typical IP subnets on a firewall include the LAN,
the Internet and one or more de-militarized zones (DMZ). IPCop
inspects IP packets as they are received from one IP subnet, like the
Internet, that are destined for another, like the LAN. If the IP
packet matches some rules, it either drops it (if the matching rule
says to do so) or it accepts it (if the matching rule says to do so)
and then "routes" it to its destination.
IP is an OSI layer 3 protocol. Typical IP packets are organized into
layer 4 ICMP, UDP or TCP packets, which contain data organized in layer
5+ streams (web, ftp, etc...). Don't worry about knowing all this,
just know that IP involves OSI layers 3+. Any packet organized at a
higher layer than 3 eventually has to be sent over layer 3. If the
packet is arriving from a remote IP subnet, it has to be "routed" at
some stage. This would then include passing through your layer 3 IP
packet filter which is IPCop.
- IEEE 802 Local Area Networking (LAN), OSI layers 2 and lower ...
Ethernet (IEEE 802.3 aka CSMA/CD -- long story) and Wireless LAN (WLAN,
IEEE 802.11 aka CSMA/CA -- long story) are OSI layer 2 mediums. Unlike
layer 3 IP, they are not designed to be for global communication, but
only local. Although different Ethernet and/or WLAN trunks can be
"bridged" between each other, again, this is only for short distances.
What confuses most people is that most WLAN access points (APs) are
just WLAN-to-Ethernet bridges. So you are directly and transparently
turning 802.11 WLAN frames into 802.3 Ethernet frames and vice-versa.
Because Ethernet and/or WLAN work at layer 2, even when "bridged," if
they are on the same layer 3 subnet, they do NOT need to be "routed".
Layers only talk directly to each other via lower layers, not higher
ones. Therefore they will NOT pass through your layer 3 IP router,
which is usually your layer 3 IP packet filter in IPCop**. So you must
put your Ethernet and WLAN nodes on _different_ layer 3 IP subnets,
which means different ports on the IPCop firewall** so they are
inspected as they pass to/from each other.
[ **NOTE: This is somewhat of a simplification. Although you _can_
filter packets between nodes on the same subnet/port, it's far more
complex of a setup and not ideal in the great majority of cases. And
it's a security nightmare as people can "sniff" the wire, even if they
cannot directly access the IP addresses, long story. As such, the
great majority of firewalls out there don't offer this. ]
- IEEE 802 WLAN Security
Which leads us back to Wired Equivalent Privacy (WEP), MAC address
restriction and other developments. These are basically "filters" at
layer 2 to prevent different layer 2 nodes from talking to each other.
WEP is an encryption mechanism used by AP to both prevent access to the
AP and all the other WLAN nodes on it (which includes any bridges to an
Ethernet trunk) as well as encrypt the packets sent over the air to the
AP and its nodes. The cipher is a poor choice (RC4, like SSL), and the
negotiation is even worse (very simplistic, far worse than SSL).
You can also limit access to APs based on the [usually] hardcoded MAC
address in a WLAN NIC. Of course, this is something that can be
circumvented with OEM NIC tools.
Lastly are newer developments trying to address WEP weaknesses. One
such development is an adaptation of 802.1x**. Several "high-end" APs
and routers/firewalls with integrated WLAN ports are adopting 802.1x
approaches (e.g., usually in conjunction with a Radius server for
authentication). I don't want to go deep into this because it's not
very applicable to most end-users, and I myself haven't dove into it
too much yet.
[ **NOTE: IEEE 802 consists of several committees. 802.3+ are the
specific, "media access control" (MAC) layers for different mediums.
E.g., 802.3 for Ethernet, 802.5 for Token Ring, 802.11 for WLAN,
802.15 for Bluetooth, etc... Then there is the link logical layer
(LLC), 802.2, which forms the "basis" for data organization for _all_
of the MACs. I.e., in general, OSes/system software only need to
organize data for 802.2/LLC, instead of having specific ones for 802.3
Ethernet, 802.11 WLAN, etc... 802.1 is pretty much a "hodgepodge" of
_optional_ 802 add-ons, technologies and other details. E.g., 802.1q
is virtual LANs (VLAN) which is important when you get into Gigabit
Ethernet (at least important if you know what you are doing ;-),
although it's applicable to any other medium/speed as well. ]
-- Bryan
--
The US government could be 100x more effective, and 1/100th the
Constitutional worry, if it dictated its policy to Microsoft as
THE MAJOR CUSTOMER it is, and not THE REGULATOR it fails to be.
---------------------------------------------------------------
Bryan J. Smith, SmithConcepts, Inc. mailto:b.j.smith@...
Engineers and IT Professionals http://www.SmithConcepts.com
_______________________________________________
LeapList mailing list
LeapList@...
http://www.matrixlist.com/mailman/listinfo/leaplist
-------------------------------------------------------
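
Added example, not part of the forwarded message: a check that no two firewall zones have overlapping IP subnets, which is the rule the message gives for creating a new zone. The zone names and addresses are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag firewall zones whose IP subnets overlap.
# Zones are passed as NAME=NETWORK/PREFIXLEN arguments (constructed format).

# Dotted quad -> 32-bit integer.
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds (exit 0) when CIDR blocks $1 and $2 share at least one address.
cidrs_overlap() {
    _a=$(ip_to_int "${1%/*}"); _alen=${1#*/}
    _b=$(ip_to_int "${2%/*}"); _blen=${2#*/}
    # Two blocks overlap exactly when they agree under the shorter prefix.
    _len=$_alen
    if [ "$_blen" -lt "$_len" ]; then _len=$_blen; fi
    _mask=$(( (4294967295 << (32 - $_len)) & 4294967295 ))
    [ $(( $_a & $_mask )) -eq $(( $_b & $_mask )) ]
}

# Print "ZONE_A ZONE_B" for every pair of zones with overlapping subnets.
overlapping_zones() {
    while [ $# -gt 1 ]; do
        _first=$1; shift
        for _other in "$@"; do
            if cidrs_overlap "${_first#*=}" "${_other#*=}"; then
                echo "${_first%%=*} ${_other%%=*}"
            fi
        done
    done
}

# Constructed sample: the WLAN zone was carved out of the GREEN subnet, so
# traffic between the two would not cross the layer 3 packet filter.
overlapping_zones GREEN=192.168.1.0/24 ORANGE=192.168.2.0/24 WLAN=192.168.1.128/25
```

An empty result means every zone has its own subnet.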

Hi,
I found out (probably someone else did it also) that if I want to make a
PPTP connection, in the dial.cgi file there is a hardcoded address for
the PPTP server (10.0.0.138). I replaced the IP with
$pppsettings{'TELEPHONE'}, which worked! The same for 0.1.2b2, although I
couldn't get the PPTP connection working in 0.1.2b2 at all!
Regards
Martijn Jongen (who's very new to ipcop and linux)

On 24.05.2002 16:19 John Edwards wrote:
> On Fri, May 24, 2002 at 12:10:26AM +0100, stinga wrote:
> <snip>
>
> > G'day John,
> >
> > I was more concerned about downloading new versions of untested code.
> > I know that there are newer versions but how safe are they?
>
> Well you could download them and just 'diff' FILES and make.sh to
> find the differences in the files that are downloaded and make the
> changes yourself. It's not too difficult, and you could automate
> the process with patch.
>
> > make.sh does not work out of the box.
> > One problem is the read -p statement fails, so if IPCOP_FILE_CACHE is
> > not defined you get an error and the next and then it starts to clean
> > your home directory! not very nice of it.
> > Removing the -p allows the read to work.
> > Maybe /bin/bash is screwy on my box.
>
> Try running "bash -version" - on a RedHat 7.2 box this should be 2.05,
> which can use "read -p" without problems. To test it run the following
> at a command prompt:
>
> bash -c 'read -p "Please type in a name: " test ; echo "You typed in :" $test '
>
> --
> John Edwards
> shade@...
Thanks John...
I had already discovered my bash was out of date.
Saw a warning message in the ipcop log
So I duly downloaded, compiled and installed.
But of course it installs in /usr/local/bin and passwd specifies
/bin/bash.
(Why oh why can't people leave things alone, apache install was/is the
same)
Seems to me that if the developer/packager wants bash in /usr/local/bin
then RedHat should go with that and not move it somewhere else.
Anyway, I now have read -p working.
But now rpm is out of date and very few of the rpms install.
Time to move away from the hated rpm process and download the source.
Anyway, we are getting there...
version 2 will be done by the time I've got the setup working... :-)
--
'ooroo
stinga...(:)-)
---------------------------------------------------
Email: stinga@... o
You need only two tools. o /////
A hammer and duct tape. If it /@ `\ /) ~
doesn't move and it should, > (O) X< ~ Fish!!
use the hammer. If it moves and `\___/' \) ~
shouldn't, use the tape. \\\
---------------------------------------------------

Hi,
I'm using IPCOP for some time now, and am willing to help out with
0.2 programming. I have knowledge of PHP, but don't think that's of a
lot of use for IPCOP. I am willing to learn stuff, but can someone
tell me how far development is, and if it is still going on?
Maybe someone can tell me what I can do, or what I can learn, so I
can help out.
Thanks a lot
Pieterjan
--
Pieterjan Heyse
E-Mail: Hermes@...
ICQ: 43037479
GSM: 0496/755987
http://www.rds-clan.be
Sent with The Bat! v1.51

On Fri, May 24, 2002 at 12:10:26AM +0100, stinga wrote:
<snip>
> G'day John,
>
> I was more concerned about downloading new versions of untested code.
> I know that there are newer versions but how safe are they?
Well you could download them and just 'diff' FILES and make.sh to
find the differences in the files that are downloaded and make the
changes yourself. It's not too difficult, and you could automate
the process with patch.
> make.sh does not work out of the box.
> One problem is the read -p statement fails, so if IPCOP_FILE_CACHE is
> not defined you get an error and the next and then it starts to clean
> your home directory! not very nice of it.
> Removing the -p allows the read to work.
> Maybe /bin/bash is screwy on my box.
Try running "bash -version" - on a RedHat 7.2 box this should be 2.05,
which can use "read -p" without problems. To test it run the following
at a command prompt:
bash -c 'read -p "Please type in a name: " test ; echo "You typed in :" $test '
--
John Edwards
shade@...

Has anyone posted the fixes to the squid graphs?
I've searched the list and haven't found them (other than Donald Webster's
re-write which are no longer available).
I get everything but the graphs themselves and looking at the source, it
calls for "/images/null.gif"
Could someone post the instructions to fix this?
Robert Mattix

On 23.05.2002 23:49 John Edwards wrote:
> On Thu, May 23, 2002 at 06:32:20PM +0100, stinga wrote:
> > G'day all,
> >
> > I have been looking at building ipcop from scratch (helping someone out)
> >
> > I can find all the packages in src/FILES with the following exceptions.
> >
> > Any ideas?
> >
> > No such file `glibc-2.2.4-19.3.i386.rpm'.
> > No such file `glibc-common-2.2.4-19.3.i386.rpm'.
> > No such file `openssh-2.9p2-12.i386.rpm'.
> > No such file `openssh-server-2.9p2-12.i386.rpm'.
> > No such file `squid-2.4.STABLE1-6.i386.rpm'.
> > http://www.snort.org/releases/snort-1.8.3-5.i386.rpm:
> > 18:17:08 ERROR 404: Not Found.
> > No such file `util-linux-2.10s.tar.gz'.
> > No such file `ext3-0.0.7a.tar.gz'.
> >
> > The make.sh file does not work either and needs modification.
> >
> > Beware:
> > Running make.sh without setting IPCOP_FILE_CACHE results in the files
> > in your home directory being deleted!
> > Unless you make some changes :-)
> >
> > stinga...(:)-)
>
> Hi
> RedHat have released updated versions of glibc (2.2.4-24) and openssh,
> so the rpm files you are trying to download will have been replaced.
> Look at the FILES file to see what it's trying to download, then check
> what's actually on the ftp site.
>
> Try downloading the latest CVS version of IPCop, which I think already
> has this fixed. As IPCop is based on RedHat 7.2 it needs to be altered
> when new packages come out (unless you rewrite make.sh to do some fancy
> pattern matching to find the correct rpm to download).
>
> ps. The make.sh file does explain about the IPCOP_FILE_CACHE variable.
>
> --
> John Edwards
> shade@...
G'day John,
I was more concerned about downloading new versions of untested code.
I know that there are newer versions but how safe are they?
make.sh does not work out of the box.
One problem is the read -p statement fails, so if IPCOP_FILE_CACHE is
not defined you get an error and the next and then it starts to clean
your home directory! not very nice of it.
Removing the -p allows the read to work.
Maybe /bin/bash is screwy on my box.
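
Added example, not part of the original messages and not code from IPCop's make.sh: one way a build script can prompt portably and refuse to run a cleanup step when a directory variable such as IPCOP_FILE_CACHE is empty or resolves to the home directory. Only the variable name comes from the thread; the function names and the cleanup step itself are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not taken from IPCop's make.sh).
# Only the variable name IPCOP_FILE_CACHE comes from the thread.

# Portable prompt: "read -p" is a bash extension, printf + read works in any sh.
ask_dir() {
    printf '%s' "$1" >&2
    IFS= read -r _answer || return 1
    printf '%s\n' "$_answer"
}

# Succeed only if $1 names a directory that is safe to empty.
# On success the resolved path is left in $_real.
is_safe_cache_dir() {
    _dir=${1-}
    # Empty or unset: "$_dir"/* would silently become /* .
    [ -n "$_dir" ] || return 1
    # Relative paths depend on the current directory; require an absolute one.
    case $_dir in
        /*) ;;
        *) return 1 ;;
    esac
    [ -d "$_dir" ] || return 1
    # Resolve symlinks and ".." before comparing against protected paths.
    _real=$(cd "$_dir" 2>/dev/null && pwd -P) || return 1
    _home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || _home=/
    [ "$_real" != / ] || return 1
    # Refuse the home directory itself and any of its ancestors.
    case $_home/ in
        "$_real"/*) return 1 ;;
    esac
    return 0
}

# Empty the cache directory, or refuse loudly and touch nothing.
clean_cache() {
    if ! is_safe_cache_dir "${1-}"; then
        echo "refusing to clean '${1-}': point IPCOP_FILE_CACHE at a dedicated directory" >&2
        return 1
    fi
    # Remove the contents (dotfiles included) but keep the directory itself.
    ( cd "$_real" && find . ! -name . -prune -exec rm -rf -- {} + )
}

# Stand-alone use: IPCOP_FILE_CACHE=/path/to/cache sh this-file --clean
if [ "${1-}" = "--clean" ]; then
    clean_cache "${IPCOP_FILE_CACHE-}"
fi
```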

On Thu, May 23, 2002 at 06:32:20PM +0100, stinga wrote:
> G'day all,
>
> I have been looking at building ipcop from scratch (helping someone out)
>
> I can find all the packages in src/FILES with the following exceptions.
>
> Any ideas?
>
> No such file `glibc-2.2.4-19.3.i386.rpm'.
> No such file `glibc-common-2.2.4-19.3.i386.rpm'.
> No such file `openssh-2.9p2-12.i386.rpm'.
> No such file `openssh-server-2.9p2-12.i386.rpm'.
> No such file `squid-2.4.STABLE1-6.i386.rpm'.
> http://www.snort.org/releases/snort-1.8.3-5.i386.rpm:
> 18:17:08 ERROR 404: Not Found.
> No such file `util-linux-2.10s.tar.gz'.
> No such file `ext3-0.0.7a.tar.gz'.
>
> The make.sh file does not work either and needs modification.
>
> Beware:
> Running make.sh without setting IPCOP_FILE_CACHE results in the files
> in your home directory being deleted!
> Unless you make some changes :-)
>
> --
> 'ooroo
>
> stinga...(:)-)
Hi
RedHat have released updated versions of glibc (2.2.4-24) and openssh,
so the rpm files you are trying to download will have been replaced.
Look at the FILES file to see what it's trying to download, then check
what's actually on the ftp site.
Try downloading the latest CVS version of IPCop, which I think already
has this fixed. As IPCop is based on RedHat 7.2 it needs to be altered
when new packages come out (unless you rewrite make.sh to do some fancy
pattern matching to find the correct rpm to download).
ps. The make.sh file does explain about the IPCOP_FILE_CACHE variable.
--
John Edwards
shade@...

G'day all,
I have been looking at building ipcop from scratch (helping someone out)
I can find all the packages in src/FILES with the following exceptions.
Any ideas?
No such file `glibc-2.2.4-19.3.i386.rpm'.
No such file `glibc-common-2.2.4-19.3.i386.rpm'.
No such file `openssh-2.9p2-12.i386.rpm'.
No such file `openssh-server-2.9p2-12.i386.rpm'.
No such file `squid-2.4.STABLE1-6.i386.rpm'.
http://www.snort.org/releases/snort-1.8.3-5.i386.rpm:
18:17:08 ERROR 404: Not Found.
No such file `util-linux-2.10s.tar.gz'.
No such file `ext3-0.0.7a.tar.gz'.
The make.sh file does not work either and needs modification.
Beware:
Running make.sh without setting IPCOP_FILE_CACHE results in the files
in your home directory being deleted!
Unless you make some changes :-)
--
'ooroo
stinga...(:)-)
---------------------------------------------------
Email: stinga@... o
You need only two tools. o /////
A hammer and duct tape. If it /@ `\ /) ~
doesn't move and it should, > (O) X< ~ Fish!!
use the hammer. If it moves and `\___/' \) ~
shouldn't, use the tape. \\\
---------------------------------------------------

On Thursday 23 May 2002 02:34 am, Stephen.Thompson@... wrote:
>> -----Original Message-----
>> From: Phil Barnett [mailto:philb@...]
>> Sent: 23 May 2002 01:41
>> To: ipcop-devel@...
>> Subject: [IPCop-devel] Interesting vpn project we might take
>> advantage of.
>>
>>
>>
>> http://freshmeat.net/projects/openvpn
>>
>>
> It could be worth considering but as it uses TLS and everything else
> uses IPSec, we could be locking out other systems. I think that more
> work should be done with FreeSwan to allow road warrior
> configurations rather than changing VPN systems
I was thinking more along the lines of 'in addition to', not 'in
replacement of'.

It could be worth considering but as it uses TLS and everything else uses
IPSec, we could be locking out other systems. I think that more work should
be done with FreeSwan to allow road warrior configurations rather than
changing VPN systems
Regards,
Stephen.
-----Original Message-----
From: Phil Barnett [mailto:philb@...]
Sent: 23 May 2002 01:41
To: ipcop-devel@...
Subject: [IPCop-devel] Interesting vpn project we might take advantage
of.
http://freshmeat.net/projects/openvpn

>I have been trying to install IPCop for several days, on several different
>computers, using several different NIC's (from the supported list). Every
>attempt has failed. I finally found that I could use alt-F2 to view the log
>of what had happened. When insmod tries to load the nic module it is looking
>in path /lib/modules/2.2.20/net. The directory on the CD (viewed from
>Windows) is lib/modules/2_2.20/net. The error message reads that the
>directory doesn't exist. I don't know how to fix the directory mismatch.
Sounds like a Windows CD-burner that insisted on having only one '.'
in a file name...
What software did you use to unpack/create/burn the CD?
Did you use the "Burn Whole CD" menu, or try to unpack it into
Windows, and then burn it? Cuz the latter would have done what you
describe, and it ain't gonna work... Dig into the CD-burning
software for a menu item that is about burning a whole CD from an
"image" or "Whole CD" or something. That's the one you want.
--
Like Music? http://l-i-e.com/artists.htm
My hard drive crashed on April 28th... Re-send any critical email.

I have been trying to install IPCop for several days, on several different
computers, using several different NIC's (from the supported list). Every
attempt has failed. I finally found that I could use alt-F2 to view the log
of what had happened. When insmod tries to load the nic module it is looking
in path /lib/modules/2.2.20/net. The directory on the CD (viewed from
Windows) is lib/modules/2_2.20/net. The error message reads that the
directory doesn't exist. I don't know how to fix the directory mismatch.
Steve Gould
Network Administrator
APA - The Engineered Wood Association
253-620-7454
steve.gould@...

I am building IPCOP 0.1 from source.
I can not find the lfs-1.10 package.
Can anyone forward me one?
Thanks
--Zhigang

Hello Phil,
Sunday, May 19, 2002, 8:24:19 AM, you wrote:
>> I have just found a browser that does not
>> bother with IPcops login.
>> When I open the webadmin page in this browser I never once get
>> asked for a login/password and I can see, do whatever I want.
>>
>> The browser is Voyager and available at:
>> http://www.majorgeeks.com/article.php?sid=1466
>>
>> I am using the beta 0.1.2 ISO clean install.
>> PS I never had to setup any DMZ pinholes and my green clients can
>> get mail from ORANGE and FTP/HTTP Orange with no problems, Plus I
>> can surf etc from Orange... Is this meant to happen?
PB> Has anyone confirmed this?
I received an email from someone (can't remember who, sorry) that said
it used the cache from IE to supply username and password by itself.
I have just told my IE browser not to remember IPCops login password
and now I get page not found errors from Voyager browser.
As I am the only one who uses this computer I let IE remember the
login ID and password for my own ease...
When I reallow IE to remember the user/password Voyager can again surf
IPCOp admin pages with no problems. So I am assuming the cache theory
is correct.
I hope this relieves some stress for you all...
--
Best regards,
Mark mailto:mvanbrug@...

On Friday 10 May 2002 07:21 am, you wrote:
> On 10/05/2002,
>
> The following message was beamed across the Internet:
> >> 1. I'm guessing the web interface needs to be viewable from every
> >> browser, ie NS4 - NS6, IE, and all those other Linux ones {The KDE
> >> one}, Opera
> >
> > etc...
> >
> >> So I'm guessing no CSS use, and no JScript
> >
> > See last message.
>
> In relation to the above I have just found a browser that does not
> bother with IPcops login.
> When I open the webadmin page in this browser I never once get
> asked for a login/password and I can see, do whatever I want.
>
> The browser is Voyager and available at:
> http://www.majorgeeks.com/article.php?sid=1466
>
> I am using the beta 0.1.2 ISO clean install.
> PS I never had to setup any DMZ pinholes and my green clients can
> get mail from ORANGE and FTP/HTTP Orange with no problems, Plus I
> can surf etc from Orange... Is this meant to happen?
Has anyone confirmed this?

Hello John,
Thursday, May 16, 2002, 5:28:05 AM, you wrote:
JE> Could some people run "grep setup /etc/shadow" or "grep root /etc/shadow"
JE> to see if it looks like:
JE> setup:0aASyjG5xe98i:11764:0:99999:7:::
JE> for a crypt password, or:
JE> setup:$1$ooBs0s74$2qdZQVQ9FUmyD7lp8jwcs.:11822:0:99999:7:::
JE> for a MD5 password (note the leading $).
JE> If we can confirm the problem then this might explain why people are
JE> having problems with password lengths, as crypt passwords are limited
JE> to 8 characters.
JE> TIA.
I have run both these commands and I get error: shadow no such file
This is on IPCop beta0.1.2 with the patch installed.
Clean install from ISO
--
Best regards,
Mark mailto:mvanbrug@...

Hi
I'm finding that the passwords that are set during installation are
using the shorter Unix crypt encryption, whereas passwords set after
installation are using MD5 (as specified in PAM). I've confirmed this
on three machines running IPCop 0.1.1 with patches 1 to 5 installed.
Could some people run "grep setup /etc/shadow" or "grep root /etc/shadow"
to see if it looks like:
setup:0aASyjG5xe98i:11764:0:99999:7:::
for a crypt password, or:
setup:$1$ooBs0s74$2qdZQVQ9FUmyD7lp8jwcs.:11822:0:99999:7:::
for a MD5 password (note the leading $).
If we can confirm the problem then this might explain why people are
having problems with password lengths, as crypt passwords are limited
to 8 characters.
TIA.
--
John Edwards
shade@...
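
Added example, not part of the original message and not IPCop code: a way to run the check described above over a whole shadow-format file, so that entries still hashed with traditional crypt (the 8-character limit mentioned in the message) are listed by name. The first two sample lines are the ones quoted in the message; the remaining lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from IPCop): classify the hash scheme of each entry in
# shadow-format input so accounts still on traditional crypt stand out.

# Prints "user scheme" per entry; reads the named files, or stdin if none.
classify_shadow() {
    awk -F: '
        function scheme(h) {
            if (h == "")                                   return "empty"
            if (substr(h, 1, 1) == "!" || substr(h, 1, 1) == "*")
                                                           return "locked"
            if (substr(h, 1, 3) == "$1$")                  return "md5-crypt"
            if (substr(h, 1, 1) == "$")                    return "other-modular"
            # Traditional crypt: 2 salt characters + 11 hash characters.
            if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") return "des-crypt"
            return "unknown"
        }
        $0 !~ /^#/ && NF >= 2 { print $1, scheme($2) }
    ' "$@"
}

# Names of accounts whose password is hashed with traditional crypt.
des_crypt_users() {
    classify_shadow "$@" | awk '$2 == "des-crypt" { print $1 }'
}

# Sample input: lines 1 and 2 are quoted in the message, the rest are
# constructed.
sample_shadow() {
    cat <<'EOF'
setup:0aASyjG5xe98i:11764:0:99999:7:::
setup:$1$ooBs0s74$2qdZQVQ9FUmyD7lp8jwcs.:11822:0:99999:7:::
nobody:*:11764:0:99999:7:::
daemon:!!:11764:0:99999:7:::
guest::11764:0:99999:7:::
EOF
}

# Demo on the embedded sample; on a real system run as root:
#   classify_shadow /etc/shadow
sample_shadow | classify_shadow
```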
